Each OpenStack service, has its own role-based access policies.
They determine which user can access which resources in which way,
and are defined in the service’s policy.json file.

Warning

While editing policy.json is supported, modifying the policy can
have unexpected side effects and is not encouraged.

TripleO supports custom API access policies through parameters in
TripleO Heat Templates.
To enable this feature, you need to use some parameters to enable
the custom policies on the services you want.

Creating an environment file and adding the following arguments to your
openstackoverclouddeploy command will do the trick: